ICO issues data protection guide for cloud users
Watchdog tries to clear up some of the confusion around data protection and processing in the cloud.
The Information Commissioner's Office (ICO) has reminded business leaders of their responsibilities when it comes to safeguarding personal data in the cloud.
The data protection watchdog claims many end users do not realise that the onus is on them to ensure the data they store in the cloud is handled responsibly.
To this end, the ICO has issued guidance, setting out the precautions businesses should take with their data before handing it over to a cloud provider.
Demanding a written contract from Google or Microsoft is unlikely to prove fruitful.
For example, the guidance advises readers to seek assurances from prospective cloud providers about the digital and physical security methods they use to lockdown users data.
It also advises them to have a written contract in place with their chosen provider, which will prevent them from changing the terms of their partnership without prior agreement.
Speaking to IT Pro, Dr Simon Rice, the ICO's technology advisor, said the guidance was produced to help ease some of the concerns data controllers have about embracing cloud.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Over the last six months or so...we've been receiving enquiries from data controllers in the SMB, enterprise and public sector about cloud," said Rice.
"This was our chance to document all the issues that a data controller need to think about before they can move to the cloud," he added.
The ICO regularly fields questions from concerned end users about whether or not they should entrust their data to overseas cloud providers, revealed Rice, which the guidance hopes to address.
"We get a lot of the same questions coming along about security and international transfers," he said. "But we also get more general enquiries from people wanting to know, if we use this system from a cloud provider, what kind of things do I need to take into account?"
Ian Moyse, sales director at cloud-based CRM provider Workbooks.com, welcomed the ICO's attempts to educate users, claiming it should encourage more of them to adopt cloud.
However, the ICO's recommendation that users should obtain a written contract from their chosen cloud provider could prove difficult for many end users to follow through.
"You rarely have this with a software license provider and cloud is seeing rapid and wide customer engagement, which could make this administratively prohibitive," he told IT Pro.
"Demanding a written contract from Google or Microsoft is unlikely to prove fruitful."